FSF and GNU

The Free Software Foundation (FSF) and the GNU Project were both started by Richard M. Stallman (RMS), and he served until recently as the head of both. Because of that, the relationship between the FSF and GNU has been fluid.

As part of our commitment to supporting the development and distribution of fully free operating systems, the FSF provides GNU with services like fiscal sponsorship, technical infrastructure, promotion, copyright assignment, and volunteer management.

GNU decision-making has largely been in the hands of GNU leadership. Since RMS resigned as president of the FSF, but not as head of GNU ("Chief GNUisance"), the FSF is now working with GNU leadership on a shared understanding of the relationship for the future. As part of that, we invite comments from free software community members at fsf-and-gnu@fsf.org.

FSF Is Re-Evaluating Its Relationship With The GNU

  • The FSF Is Re-Evaluating Its Relationship With The GNU

    With RMS resigning as head of the FSF but ultimately remaining as head of the GNU, the Free Software Foundation is now publicly re-evaluating its relationship with the GNU.

    The FSF and GNU have long had a close relationship with the Free Software Foundation providing for GNU's financial needs, technical infrastructure, copyright assignment, volunteer management, and related duties. With RMS out of the FSF but not GNU, it has complicated this relationship especially with some still calling for RMS to be ousted from the GNU.

Joint statement on the GNU Project

  • Joint statement on the GNU Project

    We, the undersigned GNU maintainers and developers, owe a debt of gratitude to Richard Stallman for his decades of important work in the free software movement. Stallman tirelessly emphasized the importance of computer user freedom and laid the foundation for his vision to become a reality by starting the development of the GNU operating system. For that we are truly grateful.

    Yet, we must also acknowledge that Stallman’s behavior over the years has undermined a core value of the GNU project: the empowerment of all computer users. GNU is not fulfilling its mission when the behavior of its leader alienates a large part of those we want to reach out to.

    We believe that Richard Stallman cannot represent all of GNU. We think it is now time for GNU maintainers to collectively decide about the organization of the project.

By Mark J. Wielaard

And now Bruce Byfield

  • What’s the Future of Free Software?

    Whether you think Richard M. Stallman is a creep who got what he deserved or a great man toppled by petty spite, one thing is certain: free software will never be the same without him. For better or worse, for the first time the movement does not have one man’s vision influencing goals. As a result, an unprecedented opportunity exists for self-evaluation.

    Of course free software in general and the Free Software Foundation in particular may not want to take the opportunity. Yet the suddenness of Stallman’s resignations makes at least one long-neglected issue impossible to ignore: how are the current leaders of free software to be replaced? Or do they need to be replaced at all? After all, much of the work of the FSF is already done by its executive director.

    Free software may not have any choice except change if it is going to survive. The last decade has seen an erosion of FSF authority that, if allowed to last another decade, might very well reduce free software to a private club that is ignored by others. The FSF needs badly to publicize its efforts, to cultivate the relations it had with journalists in the first years of the millennium, and to make common cause where possible — yes, even with those who prefer the term “open source” to “free software.”

Richard Stallman and the GNU project

  • Richard Stallman and the GNU project

    While Richard Stallman has resigned from the Free Software Foundation and MIT, he continues to hold onto his position as the head of the GNU project. Now, the FSF has announced that it is "working with GNU leadership on a shared understanding of the relationship for the future" and is seeking comments from the community on what that should be.

    Meanwhile, a group of maintainers for specific GNU projects has posted a joint statement calling for new leadership at GNU. "We believe that Richard Stallman cannot represent all of GNU. We think it is now time for GNU maintainers to collectively decide about the organization of the project. The GNU Project we want to build is one that everyone can trust to defend their freedom."

"18 maintainers want him out as leader"

  • GNU means GNU's Not U: Stallman insists he's still Chief GNUisance while 18 maintainers want him out as leader

    On Monday, a group of maintainers of the GNU Project, the free operating system created by Richard Stallman, questioned Stallman's leadership and emitted a joint statement for rethinking how the project should be managed going forward.

    Late last month, after resigning as president of the Free Software Foundation in the wake of catastrophically insensitive statements posted to an MIT mailing list, and a social media backlash, Stallman also appeared to resign as the head of the GNU Project.

    A statement saying as much appeared on his personal website. But then it disappeared, leaving speculation that his site had been hacked.

    In an email to The Register, Matt Lee, a free and open-source software developer and one of the 18 signatories of the joint statement, offered support for that theory.

    "Regarding his website being defaced, Stallman's personal site has been hosted by Positive Internet in the UK for a long time and he has many volunteers who update parts of the site daily," Lee said.

[Some] Maintainers Move to Oust Richard Stallman from Leadership

  • GNU Project Maintainers Move to Oust Richard Stallman from Leadership

    The Stallman saga has continued to grow stranger in the aftermath of his resignations, as many were concerned that he would be homeless after his website featured a notice that he was “Seeking Housing,” accompanied by a link leading to his specific requirements for a temporary residence. His personal site was also reportedly vandalized nine days ago with a message that he was stepping down from the GNU.

    The defacement with the false GNU resignation message was reverted shortly thereafter on September 30, and replaced with the header saying he continues to be “Chief GNUisance of the GNU Project” with no intention of stopping soon. Stallman has not yet publicly acknowledged the statement from the GNU maintainers. He has also not yet responded to our request for comment.

thoughts on rms and gnu

  • thoughts on rms and gnu

    Yesterday, a collective of GNU maintainers publicly posted a statement advocating collective decision-making in the GNU project. I would like to expand on what that statement means to me and why I signed on.

    For many years now, I have not considered Richard Stallman (RMS) to be the head of the GNU project. Yes, he created GNU, speaking it into existence via prophetic narrative and via code; yes, he inspired many people, myself included, to make the vision of a GNU system into a reality; and yes, he should be recognized for these things. But accomplishing difficult and important tasks for GNU in the past does not grant RMS perpetual sovereignty over GNU in the future.

Ludovic Courtès (Guix) accusing Stallman of Thoughtcrime

  • Ludovic Courtès (Guix) accusing Stallman of Thoughtcrime

    It is in contradiction to GNU Kind Communication Guidelines: https://www.gnu.org/philosophy/kind-communication.html where by it says: "The only political positions that the GNU Project endorses are (1) that users should have control of their own computing (for instance, through free software) and (2) supporting basic human rights in computing."

    My domain gnu.support is not connected or sponsored by FSF, neither it is part of GNU project. It is there to publish my opinions or maybe opinions of other people, I am welcoming opinions on every page of this domain.

    I have asked Ludovic Courtès to state the facts that will prove and evidence their statement "that Stallman’s behavior over the years has undermined a core value of the GNU project: the empowerment of all computer users. GNU is not fulfilling its mission when the behavior of its leader alienates a large part of those we want to reach out to." -- as such statement is baseless, fact-less, pure generalization and rumour.

Mark J. Wielaard's Take on GNU

SJVN at it again

  • GNU Project developers object to Richard M Stallman's continued leadership

    Sergey Matveev, a free-software supporter, wrote on a GNU mailing list that he was shocked about attacks and insults to Stallman -- as shown by some developers asking him to leave the GNU Project.

    Stallman himself appeared to have resigned from the GNU Project when he resigned from the FSF. But this announcement was deleted. It's suspected his website had been hacked. Stallman, himself, has not said what happened.

RMS: No Radical Changes In GNU Project

  • RMS: No Radical Changes In GNU Project

    With Stallman sticking around as head of the GNU and with that the Free Software Foundation re-evaluating their GNU relationship, Richard Stallman is already saying there will be no major changes to the project he founded.

    RMS yesterday sent out a new message on the matter (though it only cleared the mailing list moderation queue a few minutes ago) on info-gnu. His newest message is simply:

    As Chief GNUisance, I'd like to reassure the community that there won't be any radical changes in the GNU Project's goals, principles and policies.

    I would like to make incremental changes in how some decisions are made, because I won't be here forever and we need to ready others to make GNU Project decisions when I can no longer do so. But these won't lead to unbounded or radical changes.

Stallman: No radical changes in GNU Project

  • Stallman: No radical changes in GNU Project
    As Chief GNUisance, I'd like to reassure the community
    that there won't be any radical changes in the GNU Project's
    goals, principles and policies.
    
    I would like to make incremental changes in how some decisions are
    made, because I won't be here forever and we need to ready others to
    make GNU Project decisions when I can no longer do so.  But these
    won't lead to unbounded or radical changes.
    
    -- 
    Dr Richard Stallman
    Founder, Free Software Foundation (https://gnu.org, https://fsf.org)
    Internet Hall-of-Famer (https://internethalloffame.org)

Octave.app Statement on Richard Stallman

  • Octave.app Statement on Richard Stallman

    Octave.app is not itself a GNU effort, but depends heavily on and is involved with the work of the GNU Project, especially GNU Octave itself. As such, we feel the need to speak out about the issue of GNU founder Richard Stallman’s behavior.

    Octave.app’s maintainers believe that the Free and Open Source community should be welcoming to a wide population of users and contributors. We also believe that the ideals of Free and Open Source software can best be supported through inclusion, equality, and respect for diversity. Our community’s leadership needs to support those goals, in both words and actions.

    The Octave.app maintainers are deeply troubled by Stallman’s recent statements trivializing sexual assault, and by his history of other exclusionary or offensive statements and behavior. We join the Software Freedom Conservancy in calling for Stallman to step down from positions of leadership in the Free Software movement. We are glad that he has resigned from the Free Software Foundation, and call for the GNU community to reassess his role as head of the GNU Project, and to find a governance arrangement that better supports the need for an inclusive, welcoming community.

Justice for Dr. Richard Matthew Stallman

  • Justice for Dr. Richard Matthew Stallman

    Dr. Richard Matthew Stallman (born 16 March 1953), often known by his initials rms, and occasionally upper-case RMS, is an American free (libre) software movement activist, hacker and programmer. He campaigns for software to be distributed in a manner such that its users receive the freedoms to use, study, distribute, and modify that software. Software that ensures these four freedoms is termed free software. Stallman launched the GNU Project, founded the Free Software Foundation, developed the GNU Compiler Collection and GNU Emacs, and wrote the GNU General Public License.

    Richard Stallman is currently the object of an Internet defamatory campaign which forced him to resign from his position at MIT and even from the FSF which he founded himself. He has actual flaws, but the campaign is largely motivated by mischaracterizations, disproportionality and intolerance.

How Richard Stallman repealed Dodd-Frank Act

  • How Richard Stallman repealed Dodd-Frank Act

    In a democracy people should have the right to free speech. Stallman only used that. But his idea was wrong. He accepted that and corrected it. By asking his resignation FSF made a lot of confusion. They should have to apologize to Stallman and the public for making this unnecessary issues. Let's bring back Stallman to FSF and GNU.

    Free speech should be projected. (hate speech and lies are not free speech. it's violence)

Regarding an Erroneous Allegation in Richard Stallman’s Disgrace

  • Correction: Regarding an Erroneous Allegation in ‘Richard Stallman’s Disgrace’

    As soon as I read this, I was nearly certain my email correspondent had made exactly this mistake, conflating Stallman with Raymond, and that I had passed the error along. I sincerely and deeply regret the error. I should have known Stallman would never have worked with VA Linux (he’d have insisted upon it being named “VA GNU/Linux”, and likely would have had no interest in what was a very commercial enterprise no matter what its name) and also should have remembered that Stallman was never married.

    [...]

    To be clear, my source is a man, and it was he who conflated Raymond (“ESR”) with Stallman (“RMS”). His former colleague at VA Linux, the woman who was propositioned by Raymond, surely remembers it clearly.

    I have updated the original article to remove the anecdote quoted above, and to point to this correction. My source for the anecdote made an honest error — as Shaw suggests conflating two well-known “TLA Old Nerds”. It was my fault and mine alone for publishing it. Again, I regret the mistake, and apologize for it.

Censorship going on

  • Freedom from censorship on mailing lists

    One prominent tool used to construct the fake community is the email discussion list.

    When people join a discussion list, they assume and believe that they are being exposed to a wide range of opinions. Therefore, when some opinions or critical information is hidden, ordinary members of the list are deceived. People have not consented to this deception.

    In 2018, FSFE used these tactics to make it appear that nobody supported elections any more. In 2019, rogue elements of the Free Software Foundation (FSF) staff used the same tactics to undermine their own founder, Richard Stallman. FSF is the organization that explains their use of the word Free using the phrase Free as in speech, not free as in beer. When they don't even allow Free Speech on their own LibrePlanet-discuss mailing list, the organization loses all credibility.

GNU Project maintainers push to remove Richard Stallman from GNU

  • GNU Project maintainers push to remove Richard Stallman from GNU Project

    At first, it was unclear if Stallman was also resigning from the GNU project after his comments were made public. A message on his website said he was resigning from the GNU project, but it was later deleted. He also released a message that stated: “I recently resigned as president of the FSF, but the FSF continues to provide several forms of crucial support for the GNU Project. As head of the GNU Project, I will be working with the FSF on how to structure the GNU Project’s relationship with the FSF in the future.”

    While the group of GNU maintainers and developers do point out that they owe Stallman “a debt of gratitude” for his “decades of important work in the free software movement,” they also acknowledge that “Stallman’s behavior over the years has undermined a core value of the GNU project: the empowerment of all computer users.”

No justification for Stallman’s resignation

  • No justification for Stallman’s resignation

    Richard Stallman, the founder of Free Software Movement, resigned. Did he do something wrong? No. He had some wrong beliefs that he openly told to a semi private email list. That's a good thing. He openly said things. So others get opportunity to correct him. Right? No. It created a landslide. Finally he was forced to resign from the same institution he founded in 1984 to protect software user’s rights. Then his own project members rejected them. I could not find any genuine reason for all these.

    All these happened because he said something about a news article appeared on a news portal. Actually he was analyzing the words used in news article. Ok let it be a bad thing. So you decided it was wrong and asked for his resignation. You have to make a press release about things. Every is fine. I will accept it.

    But this was not happened. In the same email discussion somebody wrote that that person was worried about the mail get leaking to press. That happened. Email reached outside. Online lynch mob began. Facebook events organized for protest against him. There was a smear campaign event in officially started. Lot of media telling all kinds of lies about Stallman. Then Stallman’s comment came that he was forced to resign from FSF president position.

    This is wrong. I cannot accept it. But FSF did that. By accepting the resignation what FSF tell the world that they approves all smear campaign and lies spread in the society. In another words you can say that FSF secretly conspired with others for these smear campaign to fire Stallman. That usually happen in power structures.

LWN Reproduced

Audio on this topic

  • Linux Action News 127

    Richard Stallman's GNU leadership is challenged by an influential group of maintainers, SUSE drops OpenStack "for the customer," and Google claims Stadia will be faster than a gaming PC.

    Plus OpenLibra aims to save us from Facebook but already has a miss, lousy news for Telegram, and enormous changes for AMP.

Use and throw culture based on lies...

  • Use and throw culture based on lies can’t be coming from Free Software philosophy

    Similar thing happened to Stallman. Actually in an ironic way. This community is created by Stallman only. By 1980s beginning software sharing community was ceased to exist. Then 1983 Stallman himself gave birth to a new community with all legal protection. Because before there were no legal framework for sharing software. Stallman used copyleft idea and GPL to create such a community. There were no help and there were no support. Last 35 years he worked for that.

    Now some new bosses think that he doesn't look good. He is boring, repeating same thing all these 35 years. Let's get rid of him. You idiots, actually this is his house. You people piggybacked there.

    Still you can have a say if Stallman did anything wrong about free software. But there is nothing he did wrong. Still again I may support you if you with some guts initiate a trial against him on your own behalf. But you did nothing. Instead what you a shameless creature did? Hiding behind an upset woman reacting to smear campaign and lies. This is unacceptable and unethical.

Another go from Mark Wielaard

  • Re: Turning GNU into a bottom-up organization
    
    Various GNU project actually already work a bit like this. First you
    become a contributor by submitting some trivial patches, then you add
    more meaningful patches and a copyright assignment/disclaimer, when
    consistently providing meaningful patches and showing you can cooperate
    with other developers following the GNU way you get committer status
    and can mentor others by reviewing and installing their patches, you
    might become a subsystem maintainer or even a GNU (co-)maintainer and
    be trusted to and responsible for writing policy for the project. The
    GNU maintainers of related packages can then come together to form a
    technical committee to coordinate GNU policy to make the GNU system
    more consistent that others might then adopt for their packages.
    
    
  • GNU Project Developers Debate A Restructuring As A "Bottom Up" Organization

    GNU developers unhappy with Richard Stallman sticking around as head of the GNU Project and not planning to make any "radical" changes are now expressing their desire for the GNU to be restructured as a "bottom-up" organization whereby those active developers and volunteers involved could potentially have more say.

More in Tux Machines

Graphics: Taiwins 0.2, Etnaviv, V3DV, Libre-SOC, X.Org/FreeDesktop.org and More

  • Taiwins 0.2 is out
    Hi all,
    
    A long while ago [1]. I introduced the Taiwins wayland compositor. It was
    built upon libweston. It turned out despite my attempts, I couldn't get my
    patches to merge in libweston. Libweston has quite a few bugs and missing
    features to fit the role of a daily driver.
    
    These past few months, Taiwins was going through a long refactoring process
    in migrating from libweston. Today, taiwins uses a very thin layer of
    wlroots for hardware abstraction, the next release will target on removing
    the reliance of wlroots as well. Today it has the features of:
    
    - dynamic window management.
    - extensible and easy configuration through lua.
    - very efficient GL renderer, updates only the damages.
    - a widget system and you can create widgets through lua as well.
    - built-in shell and application launcher.
    - configurable theme.
    - emacs-like key sequence based binding system.
    - built-in profiler and rendering debugger.
    
    Along the way, I developed Twobjects [2], a backend agnostic wayland object
    implementation for compositors. This library implements basic wayland
    protocols as well as various other wayland protocols like 'xdg-shell' and
    many more. Using twobjects, you can focus on building your own unique
    features for the compositor and let it handle the most tedious protocol
    implementations. It doesn't expose everything as `wl_signals` like wlroots
    does, so you don't need to write additional glue code for it.
    
    Taiwins is still in development but missing features are getting less and
    less, you can check out its website https://taiwins.org or if you would
    like to help, check out the project page https://github.com/taiwins/taiwins
    for getting started.
    
    Thanks,
    Xichen
    
    
  • Taiwins 0.2 Released As Modular Wayland Compositor That Supports Lua Scripting

    Back in May the Taiwins Wayland compositor was announced as a compact compositor based on Libweston while Thursday marked its second release. With Taiwins 0.2 the switch was made from using libweston as a basis for the compositor to now using Sway's WLROOTS library. Libweston was dropped over open bugs and other issues and in part the ability to get patches easily merged back into upstream libweston. So with the shortcomings of the Weston library, Taiwins 0.2 is now running on WLROOTS. However, by the next release they hope to have their thin layer over WLROOTS removed so that library isn't needed either.

  • Etnaviv Gallium3D Adds On-Disk Shader Cache Support

    Etnaviv as the open-source, reverse-engineered OpenGL graphics driver for Vivante graphics IP now has support for an on-disk shader cache.

  • V3DV Developers Lay Out Plans For Upstreaming The Raspberry Pi 4 Vulkan Driver In Mesa

    Building off the V3DV driver talk at XDC2020 about this open-source Vulkan driver for the Raspberry Pi 4 driver, the Igalia developers responsible for this creation have laid out their plans on getting this driver upstream within Mesa. In a mailing list post today they note they are down to just 18 test cases failing for the Vulkan CTS while 106,776 tests are passing for this Vulkan Conformance Test Suite. Vulkan games like the respun versions of Quake 1-3 and OpenArena are working along with various game emulators. Various Vulkan demos also run well too.

  • Libre-SOC Still Persevering To Be A Hybrid CPU/GPU That's 100% Open-Source

    The project that started off as Libre-RISC-V with aims to be a Vulkan accelerator but then decided on the OpenPOWER ISA rather than RISC-V is still moving ahead under the "Libre-SOC" branding. Libre-SOC continues to be led by Luke Kenneth Casson Leighton and this week he presented both at the OpenPOWER Summit and X.Org Developers' Conference (XDC2020) on his Libre-SOC dreams of having a 100% fully open SoC on both the software and hardware sides while being a hybrid CPU/GPU. Similar to the original plans when targeting RISC-V that it would effectively be a SoC but with new vector instructions optimized for graphics workloads, that's still the plan albeit now using OpenPOWER as a base.

  • X.Org Is Getting Their Cloud / Continuous Integration Costs Under Control

    You may recall from earlier this year that the X.Org/FreeDesktop.org cloud costs were growing out of control primarily due to their continuous integration setup. They were seeking sponsorships to help out with these costs but ultimately they've attracted new sponsors while also better configuring/optimizing their CI configuration in order to get those costs back at more manageable levels.

  • Intel Submits More Graphics Driver Updates For Linux 5.10

    Building off their earlier Intel graphics driver pull request of new material queuing ahead of the Linux 5.10 cycle, another round of updates were submitted on Friday.

  • Mike Blumenkrantz: Long Week

    Once again, I ended up not blogging for most of the week. When this happens, there’s one of two possibilities: I’m either taking a break or I’m so deep into some code that I’ve forgotten about everything else in my life including sleep. This time was the latter. I delved into the deepest parts of zink and discovered that the driver is, in fact, functioning only through a combination of sheer luck and a truly unbelievable amount of driver stalls that provide enough forced synchronization and slow things down enough that we don’t explode into a flaming mess every other frame. Oops. I’ve fixed all of the crazy things I found, and, in the process, made some sizable performance gains that I’m planning to spend a while blogging about in considerable depth next week. And when I say sizable, I’m talking in the range of 50-100% fps gains.

  • Watch the ACO shader compiler and Vulkan Ray Tracing talks from XDC 2020

    With XDC 2020 (X.Org Developers Conference) in full swing, we've been going over the various presentations to gather some interesting bits for you. Here's more on the ACO shader compiler and Vulkan Ray Tracing. You can find more info on XDC 2020 in the previous article, and be sure not to miss our round-up of Valve developer Pierre-Loup Griffais talk about Gamescope. More talks were done across yesterday, with the first one we're mentioning here being from Timur Kristóf who is currently a contractor for Valve who talked about ACO (the newer Mesa shader compiler for AMD graphics). The idea behind ACO which Valve announced back in 2019, for those not aware, is to give a smoother Linux gaming experience with less (or no) stuttering with Vulkan with faster compile times for shaders. Kristóf goes over lots of intricate details from being in the experimental stages to eventually the default in Mesa with it now having support across 5 different generations of AMD GPUs.

Security Leftovers

  • Zerologon – hacking Windows servers with a bunch of zeros

    The big, bad bug of the week is called Zerologon. As you can probably tell from the name, it involves Windows – everyone else talks about logging in, but on Windows you’ve always very definitely logged on – and it is an authentication bypass, because it lets you get away with using a zero-length password. You’ll also see it referred to as CVE-2020-1472, and the good news is that it was patched in Microsoft’s August 2020 update.

  • Rethinking Security on Linux: evaluating Antivirus & Password Manager solutions

    Recently I had an experience that let me re-evaluate my approach to Security on Linux. I had updated my Desktop computer to the latest openSUSE Leap (15.2) version. I also installed the proprietary Nvidia drivers. At random points during the day I experienced a freeze of my KDE desktop. I cannot move my mouse or type on my keyboard. It probably involves Firefox, because I always have Firefox open during these moments. So for a couple of days, I try to see in my logs what is going on. In /var/log/messages (there is a very nice YaST module for that) you can see the latest messages. Suddenly I see messages that I cannot explain. Below, I have copied some sample log lines that give you an impression of what was happening. I have excluded the lines with personal information. But to give you an impression: I could read line for line the names, surnames, addresses and e-mail addresses of all my family members in the /var/log/messages file. [...] I needed to find out what was happening. I needed to know if a trojan / malware was trying to steal my personal information. So I tried searching for the ZIP archive which was referenced. This might still be stored somewhere on my PC. I used KFind to lookup all files which were created in the last 8 hours. And then I found a lot of thumbnail files which were created by… Gwenview. Stored in a temp folder. I started to realize that it might not be a hack, but something that was rendering previews, just like in Gwenview. I checked Dolphin and detected that I had the preview function enabled. I checked the log files again. Indeed, whenever I had opened a folder with Dolphin, all Word and Excel files in that folder were ‘processed’. I browsed several folders after deleting Calligra and there were no more log lines added. I re-installed the Calligra suite and noticed the calligra-extras-dolphin package. I browsed the same folders and indeed, the log lines started appearing all over again. I had found the culprit. It wasn’t a hack.

  • New vulnerabilities allow hackers to bypass MFA for Microsoft 365

    Critical vulnerabilities in multi-factor authentication (MFA) implementation in cloud environments where WS-Trust is enabled could allow attackers to bypass MFA and access cloud applications such as Microsoft 365 which use the protocol according to new research from Proofpoint. As a result of the way Microsoft 365 session login is designed, an attacker could gain full access to a target's account including their mail, files, contacts, data and more. At the same time though, these vulnerabilities could also be leveraged to gain access to other cloud services from Microsoft including production and development environments such as Azure and Visual Studio. Proofpoint first disclosed these vulnerabilities publicly at its virtual user conference Proofpoint Protect but they have likely existed for years. The firm's researchers tested several Identity Provider (IDP) solutions, identified those that were susceptible and resolved the security issues.

  • NIST Password Guidelines

    The National Institute of Standards and Technology (NIST) defines security parameters for Government Institutions. NIST assists organizations for consistent administrative necessities. In recent years, NIST has revised the password guidelines. Account Takeover (ATO) attacks have become a rewarding business for cybercriminals. One of the members of the top management of NIST expressed his views about traditional guidelines, in an interview “producing passwords that are easy to guess for bad guys are hard to guess for legitimate users.” (https://spycloud.com/new-nist-guidelines). This implies that the art of picking the most secure passwords involves a number of human and psychological factors. NIST has developed the Cybersecurity Framework (CSF) to manage and overcome security risks more effectively.

  • Steps of the cyber kill chain

    The cyber kill chain (CKC) is a traditional security model that describes an old-school scenario, an external attacker taking steps to penetrate a network and steal its data, breaking down the attack steps to help organizations prepare. CKC is developed by a team known as the computer security response team. The cyber kill chain describes an attack by an external attacker trying to get access to data within the security perimeter. Each stage of the cyber kill chain shows a specific goal along the attacker's way. Designing your surveillance and response plan around the cyber kill chain model is an effective method, as it focuses on how the attacks happen. Stages include,

  • Security updates for Friday

    Security updates have been issued by Arch Linux (chromium and netbeans), Oracle (mysql:8.0 and thunderbird), SUSE (rubygem-rack and samba), and Ubuntu (apng2gif, gnupg2, libemail-address-list-perl, libproxy, pulseaudio, pure-ftpd, samba, and xawtv).

  • The new BLESA Bluetooth security flaw can keep billions of devices vulnerable

    Billions of smartphones, tablets, laptops, and Linux-based IoT devices are now using Bluetooth software stacks that are potentially susceptible to a new security flaw. Titled as BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.

  • Are you backing up ransomware with your data?
  • German Hospital Hacked, Patient Taken to Another City Dies

    German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

  • Woman dies during a ransomware attack on a German hospital [iophk: Windows kills]

    The cyberattack was not intended for the hospital, according to a report from the German news outlet RTL. The ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital.

  • Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

    Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs).

    The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The flaw was addressed in Microsoft’s August 2020 security updates. However, this week at least four public PoC exploits for the flaw were released on Github, and on Friday, researchers with Secura (who discovered the flaw) published technical details of the vulnerability.

Linux Kernel and Linux Foundation

  • Preparing for the realtime future

    Unlike many of the previous gatherings of the Linux realtime developers, their microconference at the virtual 2020 Linux Plumbers Conference had a different feel about it. Instead of being about when and how to get the feature into the mainline, the microconference had two sessions that looked at what happens after the realtime patches are upstream. That has not quite happened yet, but is likely for the 5.10 kernel, so the developers were looking to the future of the stable realtime trees and, relatedly, plans for continuous-integration (CI) testing for realtime kernels.

  • Profile-guided optimization for the kernel

    One of the many unfortunate consequences of the Covid-19 pandemic was the cancellation of the 2020 GNU Tools Cauldron. That loss turned out to be a gain for the Linux Plumbers Conference, which was able to add a GNU Tools track to host many of the discussions that would have otherwise occurred at Cauldron. In that track, Ian Bearman presented his group's work using profile-guided optimization with the Linux kernel. This technique, which he often referred to as "pogo", is not straightforward to apply to the kernel, but the benefits would appear to justify the effort. Bearman is the leader of Microsoft's GNU/Linux development-tools team, which is charged with supporting those tools for the rest of the company. The team's responsibilities include ensuring the correctness, performance, and security of those tools (and the programs generated by them). Once upon a time, the idea of Microsoft having a GNU tools team would have raised eyebrows. Now, he said, about half of the instances in the Microsoft cloud are running Linux, making Linux a big deal for the company; it is thus not surprising that the company's cloud group is his team's biggest customer. There was recently, he said, an internal customer working on a new Linux-based service that asked his team for performance help. After some brainstorming, the group concluded that this would be a good opportunity to use profile-guided optimization; the customer would have control of the whole machine running the service and was willing to build a custom kernel, making it possible to chase performance gains at any level of the system. But there was a small problem in that the customer was unable to provide any code to allow workload-specific testing.

  • Conventions for extensible system calls

    The kernel does not have just one system call to rename a file; instead, there are three of them: rename(), renameat(), and renameat2(). Each was added when the previous one proved unable to support a new feature. A similar story has played out with a number of system calls: a feature is needed that doesn't fit into the existing interfaces, so a new one is created — again. At the 2020 Linux Plumbers Conference, Christian Brauner and Aleksa Sarai ran a pair of sessions focused on the creation of future-proof system calls that can be extended when the need for new features arises. Brauner started by noting that the problem of system-call extensibility has been discussed repeatedly on the mailing lists. The same arguments tend to come up for each new system call. Usually, developers try to follow one of two patterns: a full-blown multiplexer that handles multiple functions behind a single system call, or creating a range of new, single-purpose system calls. We have burned ourselves and user space with both, he said. There are no good guidelines to follow; it would be better to establish some conventions and come to an agreement on how future kernel APIs should be designed. The requirements for system calls should be stronger, and they should be well documented. There should be a minimal level of extensibility built into every new call, so that there is never again a need to create a renameat2(). The baseline, he said, is a flags argument; that convention is arguably observed for new system calls today. This led to a brief side discussion on why the type of the flags parameter should be unsigned int; in short, signed types can be sign extended, possibly leading to the setting of a lot of unintended flags. Sarai took over to discuss the various ways that exist now to deal with system-call extensions. One of those is to add a new system call, which works, but it puts a big burden on user-space code, which must change to make use of this call. 
    That includes checking to see whether the new call is supported at all on the current system and falling back to some other solution in its absence. The other extreme, he said, is multiplexers, which have significant problems of their own.

  • Lua in the kernel?

    BPF is, of course, the language used for network (and other) customization in the Linux kernel, but some people have been using the Lua language for the networking side of that equation. Two developers from Ring-0 Networks, Lourival Vieira Neto and Victor Nogueira, came to the virtual Netdev 0x14 to present that work. It consists of a framework to allow the injection of Lua scripts into the running kernel as well as two projects aimed at routers, one of which is deployed on 20 million devices. Neto introduced the talk by saying that it was also based on work from Ana Lúcia de Moura and Roberto Ierusalimschy of the Pontifical Catholic University of Rio de Janeiro (PUC-Rio), which is the home organization of the Lua language. They have been working on kernel scripting since 2008, Neto said, developing the Lunatik framework for Linux. It allows kernel developers to make their subsystems scriptable with Lua and also allows users to load and run their Lua scripts in the kernel.

  • OpenZFS 2.0-RC2 Released With Dozens Of Fixes

    Nearly one month ago OpenZFS 2.0 saw its first release candidate while now it's been succeeded by another test candidate in time for some weekend exposure. OpenZFS 2.0 is a huge update for this open-source ZFS file-system implementation in that it mainlines FreeBSD support alongside Linux, there is Zstd compression support, many performance optimizations, fast clone deletion, sequential resilvering, and a lot of other improvements and new features.

  • New /dev/random Implementation Hits 35th Revision

    Going on for more than four years now has been creating a new /dev/random implementation and this Friday marks the 35th revision to this big set of patches that aim for better performance and security. The code has been through many changes over the years for this new "Linux Random Number Generator" (LRNG).

  • Linux 5.10 To Support AMD SME Hardware-Enforced Cache Coherency

    Linux 5.10 is set to support a new feature of AMD Secure Memory Encryption (SME) as part of the Secure Encrypted Virtualization (SEV).

  • Linux 5.9 To Allow Controlling Page Lock Unfairness In Addressing Performance Regression

    Following the Linux 5.0 to 5.9 kernel benchmarks on AMD EPYC and it showing the in-development Linux 5.9 kernel regressing in some workloads, bisecting that issue, and that bringing up the issue of the performance regression over page lock fairness a solution for Linux 5.9 has now landed. [...] Long-term Linus Torvalds and other upstream developers will be looking at further improving the page lock behavior, but merged today for Linux 5.9 was a short-term solution. The change is allowing a controlled amount of unfairness in the page lock.

  • Notes from an online free-software conference

    An online event requires an online platform to host it. The Linux Foundation, which supports LPC in a number of ways, offered a handful of possibilities, all of which were proprietary and expensive. One cannot blame the Linux Foundation for this; the events group there was under great pressure with numerous large events going up in flames. In such a situation, one has to grasp at whatever straws present themselves. We, though, had a bit more time and a strong desire to avoid forcing our attendees onto a proprietary platform, even if the alternative required us to build and support a platform ourselves. Research done in those early days concluded that there were two well-established, free-software systems to choose from: Jitsi and BigBlueButton. Either could have been made to work for this purpose. In the end, we chose BigBlueButton for a number of reasons, including better-integrated presentation tools, a more flexible moderation system, and a more capable front-end system (though, as will be seen, we didn't use that part). BigBlueButton worked out well for LPC, but it must be said that this system is not perfect. It's a mixture of highly complex components from different projects glued together under a common interface; its configuration spans literally hundreds of XML files (and some in other formats). It only runs on the ancient Ubuntu 16.04 distribution. Many features are hard to discover, and some are outright footguns: for moderators, the options to exit a meeting (leaving it running) and to end the meeting (thus kicking everybody else out, disposing of the chat session, and more) are adjacent to each other on the menu and look almost identical. Most worryingly, BigBlueButton has a number of built-in scalability limitations. The FAQ says that no BigBlueButton session should have more than 100 users — a limitation that is certain to get the attention of a conference that normally draws around 600 people. 
    A lot of work was done to try to find out what the real limitations of the platform were; these included automated testing and running a couple of "town hall" events ahead of the conference. In the end, we concluded that BigBlueButton would do the job if we took care not to stress it too hard.

  • September 2020 Linux Foundation Newsletter
  • Open Source Collaboration is a Global Endeavor, Part 2

    The Linux Foundation would like to reiterate its statements and analysis of the application of US Export Control regulations to public, open collaboration projects (for example, open source software, open standards, open hardware, and open data) and the importance of open collaboration in the successful, global development of the world’s most important technologies. Today’s announcement of prohibited transactions by the Department of Commerce regarding WeChat and TikTok in the United States confirms our initial impact analysis for open source collaboration. Nothing in the orders prevents or impacts our communities’ ability to openly collaborate with two valued members of our open source ecosystem, Tencent and ByteDance. From around the world, our members and participants engage in open collaboration because it is open and transparent, and those participants are clear that they desire to continue collaborating with their peers around the world.

  • Linux Foundation Certified IT Administrator Exam To Be Launched Soon
  • Linux Foundation launches new entry-level IT certification

    If you're Linus Torvalds, you don't need a certification to get a job. People know who you are. But most of us trying to get a start in technology need a certification. Now, The Linux Foundation, the nonprofit, open-source powerhouse organization, and Certiverse, a certification testing startup, have announced they're working on a new entry-level IT certification offering: The Linux Foundation Certified IT Associate (LFCA).

IBM/Red Hat/Fedora Leftovers

  • Red Hat Named a Leader by Independent Research Firm in Multicloud Container Development Platforms Evaluation

    Red Hat was evaluated for The Forrester Wave™ based on 29 criteria across three categories: Current Offering, Strategy and Market Presence. Red Hat OpenShift received the highest scores among evaluated products in each of these categories, with the maximum possible score in both the Strategy and Market Presence categories. According to Forrester’s evaluation, "OpenShift is the most widely deployed multicloud container platform and boasts powerful development and unified operations experiences across many public and on-premises platforms. Red Hat pioneered the ‘operator’ model for infrastructure and application management and provides a rich partner ecosystem and popular marketplace. Red Hat and IBM aim to make ‘build once, deploy anywhere’ a reality; both companies’ deep commitment to Kubernetes-powered modernization has paid off, moving OpenShift further ahead of the market since Forrester’s last evaluation."

  • In the Clouds with Red Hat Leadership: Joe Fernandes

    Red Hat’s senior leadership is having to execute at an ever-increasing pace. This episode of In the Clouds provides host Chris Short inviting thoughtful and candid discussions with the one and only Joe Fernandes, VP & GM Core Cloud Platforms.

  • IBM Publishes Quantum Computing Roadmap

    IBM has published a roadmap for the future of its quantum computing hardware, which indicates that the company is on its way to building a quantum processor with more than 1,000 qubits—and somewhere between 10 and 50 logical qubits—by the end of 2023. IBM’s Dario Gil believes that 2023 will be an inflection point in the industry, with the road to the 1,121-qubit machine driving improvements across the stack.

  • How emotionally intelligent leaders handle 6 difficult situations during the pandemic

    Emotional intelligence, or EQ, has always been an important component of effective leadership. However, the impact of the COVID-19 pandemic has both heightened the awareness of EQ in the workplace and also tested it. What’s more, the pandemic is just one of multiple stressors IT leaders and their employees may be dealing with right now. There’s also a divisive upcoming election. High levels of unemployment. Civil unrest. Any of a number of natural disasters. And then the normal day-to-day stress of work. “Essentially, when we are tired, or sick, or stressed, we don’t have the same ability to manage our reactions. So we might not react in a way that’s consistent with who we want to be as a leader, manager, or team player. Right now, we’re dealing with a lot of different stressors at once,” says Janele Lynn, owner of the Lynn Leadership Group, who helps leaders build trusting relationships through emotional intelligence.

  • Justin W. Flory: A reflection: Gabriele Trombini (mailga)

    Two years passed since we last met in Bolzano. I remember you traveled in for a day to join the 2018 Fedora Mindshare FAD. You came many hours from your home to see us, and share your experiences and wisdom from both the global and Italian Fedora Community. And this week, I learned that you, Gabriele Trombini, passed away from a heart attack. To act like the news didn’t affect me denies my humanity. In 2020, a year that feels like it has taken away so much already, we are greeted by another heart-breaking loss. But to succumb to the despair and sadness of this year would deny the warm, happy memories we shared together. We shared goals of supporting the Fedora Project but also learning from each other. So, this post is a brief reflection of your life as I knew you. A final celebration of the great memories we shared together, that I only wish I could have shared with you while you were still here.

  • Remi Collet: PHP version 7.3.23RC1 and 7.4.11RC1

    Release Candidate versions are available in testing repository for Fedora and Enterprise Linux (RHEL / CentOS) to allow more people to test them. They are available as Software Collections, for a parallel installation, perfect solution for such tests, and also as base packages. RPM of PHP version 7.4.11RC1 are available as SCL in remi-test repository and as base packages in the remi-test repository for Fedora 32-33 or remi-php74-test repository for Fedora 31 and Enterprise Linux 7-8. RPM of PHP version 7.3.23RC1 are available as SCL in remi-test repository and as base packages in the remi-test repository for Fedora 31 or remi-php73-test repository for Enterprise Linux.

  • Man-DB Brings Documentation to IBM i

    IBM i developers who have a question about how a particular command or feature works in open source packages now have an easy way to look up documentations, thanks to the addition of support for the Man-DB utility in IBM i, which IBM unveiled in late July. Man-DB is an open source implementation of the standard Unix documentation system. It provides a mechanism for easily accessing the documentation that exists for open source packages, such as the Node.js language, or even for commands, like Curl. The software, which can be installed via YUM, only works with open source software on IBM i at the moment; it doesn’t support native programs or commands.

  • Open Mainframe Project Announces Record Growth with the Launch of Four New Projects, a COBOL Working Group and Micro Focus as a New Member
  • Cockpit Project: Cockpit 228

    Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from Cockpit version 228.

  • Managing the security of your Red Hat Enterprise Linux environment with Red Hat Insights

    When it comes to managing security risks, enterprises face an increasing number of challenges. One of these challenges is managing the security health of the IT infrastructure and this is a critical, ongoing, constantly evolving need. As an enterprise, managing the security risks on your infrastructure without any disruption to the business has become a critical exercise. The security of your infrastructure is no longer a concern only for the security roles in your organization. Security topics are repeatedly brought up in the C-suite and in board discussions. When the stakes are high and the health of your business depends on it, you need to have a game plan to stay ahead of these risks while keeping the operational costs in check.

  • Supporting the touchless banking customer experience

    In this new-experience economy, banks are going to need to not only meet, but exceed customer expectations. What are financial institutions going to do to ensure that their customers can have the experience that they desire while feeling safe when visiting a branch, interacting with an advisor, or conducting routine and complex financial transactions? Supporting the touchless customer experience will require the right amount of technology and acceptable in-person interactions to ensure that the financial institution is providing the necessary level of empathy while ensuring that the customers and employees remain safe. While handshakes will need to be put on hold, there are ways banks can safely engage with customers from the time that they enter the branch or reach out through digital channels.

  • Kubeflow 1.0 monitoring and enhanced JupyterHub builds in Open Data Hub 0.8

    The new Open Data Hub version 0.8 (ODH) release includes many new features, continuous integration (CI) additions, and documentation updates. For this release, we focused on enhancing JupyterHub image builds, enabling more mixing of Open Data Hub and Kubeflow components, and designing our comprehensive end-to-end continuous integration and continuous deployment and delivery (CI/CD) process. In this article, we introduce the highlights of this newest release. [...] In an effort to allow data scientists to turn their notebooks into Argo Workflows or Kubeflow pipelines, we’ve added an exciting new tool called Elyra to Open Data Hub 0.8. The process of converting all of the work that a data scientist has created in notebooks to a production-level pipeline is cumbersome and usually manual. Elyra lets you execute this process from the JupyterLab portal with just a few clicks. As shown in Figure 1, Elyra is now included in a JupyterHub notebook image. [...] As part of our effort to make Kubeflow and Open Data Hub components interchangeable, we’ve added monitoring capabilities to Kubeflow. With ODH 0.8, users can add Prometheus and Grafana for Kubeflow component monitoring. Currently, not all Kubeflow components support a Prometheus endpoint. We did turn on the Prometheus endpoint in Argo, and we’ve provided the example dashboard shown in Figure 3, which lets users monitor their pipelines.

  • Call for Code Daily: regional finalists, problem solvers, and Kode With Klossy

    The power of Call for Code® is in the global community that we have built around this major #TechforGood initiative. Whether it is the deployments that are underway across pivotal projects, developers leveraging the starter kits in the cloud, or ecosystem partners joining the fight, everyone has a story to tell. Call for Code Daily highlights all the amazing #TechforGood stories taking place around the world. Every day, you can count on us to share these stories with you. Check out the stories from the week of September 14. [...] In precarious times like the ones we are dealing with right now, it’s important to recognize that everyone is feeling the repercussions. While COVID-19 impacted corporations, schools, and retailers at scale, it also impacted young children around the world who are adjusting to their new normal. In an effort to engage this community and provide an outlet to relieve stress and anxiety for those that fall into this category, the TravelQuest team, comprised of Kode With Klossy Scholars, developed an app that blends gamification with educational entertainment to boost the emotional states for all its users.

  • Why go with agile integration?

    You probably have heard about agile integrations, and you may wonder why should you adopt it anyways? Well, technology today is becoming smarter than ever. This is the time to not only trust the technology, but also to rethink of how you can modernize your applications in a distributed, hybrid and multicloud world. Data is growing dramatically over the years, and enterprises are challenged to derive rich insights and knowledge from the huge amounts of data. However, enterprises face many challenges and bottlenecks when connecting various systems or applications within heterogeneous environments, due to portability and interoperability limitations. In addition, there is an increasing demand for continuous integration and continuous delivery and continuous deployment (CI/CD). Businesses today acquire the agility and rapid response to changing business demands in a continuous manner. In such scenarios, a centralized traditional integration might not be the best idea. Comparatively, an agile integration perfectly fits and helps to reduce the costs and increase the speed, and additionally allows a room of innovation.

  • Q&A: Unleashing the Beast—Bringing Linux to IBM Z

    Bringing Linux to IBM Z was an important moment in IBM’s history. What was it like to start your career at such an exciting moment? Betzler: When I started at IBM, we were looking at green screens—quite different from the IBM Z user experience today. But what I really saw behind the screen was the potential to innovate. How could I get more access to this amazing computer? How could we unleash the beast of Linux on Z? Adlung: We knew there was a need for a smart way to bring Unix back to the mainframe. The answer was open source and Boas proposed using Linux for it—and I was ready to be among the first to attempt it. Betzler: I knew if we could get Java onto the mainframe, we needed an operating system. If we could use open and modern technology and code that was available as open source, I knew we could innovate. We started on what was supposed to be a fun project. But it quickly turned into an overnight and weekend activity. Adlung: People often asked us “Why are you doing this?” And 20 years earlier I’d always say, “because we can.” We had a vision—not just programming for the sake of programming. We wanted to bring the Linux experience to the mainframe, which implied embracing open source programming, which was unheard at that time. And with a spirited team working at 3 a.m. in our spare time, we had the potential to go from a skunkworks project to a strategic imperative for the company. We were pushing the envelope at every turn.